Personal control of personal information
First Claim
1. A method for controlling access to personal information about an individual, the method comprising:
receiving, from a third-party device through a computer network, a request for the personal information about the individual that includes a digital fingerprint of the third-party device;
sending a notification of the request for the personal information of the individual to the individual;
receiving authorization data that indicates whether the individual intends to grant the request for the personal information of the individual and a digital fingerprint of an authorizing device from which the authorization data is sent;
determining, based on the digital fingerprint, a total number of individuals for whom authorization data was sent from the authorizing device;
comparing the total number of individuals to a predetermined limit; and
upon a condition in which both (i) the authorization data indicates that the individual intends to grant the request for the personal information of the individual;
(ii) the digital fingerprint of the authorization data matches a digital fingerprint of at least one predetermined authorized device; and
(iii) the total number of individuals is no more than the predetermined limit, sending the personal information to the third-party device;
wherein sending the personal information to the third-party device comprises:
determining whether a copy of the personal information is cached in a local non-transitory computer readable medium; and
upon a condition in which no copy of the personal information is cached in the local non-transitory computer readable medium;
retrieving the personal information from a remotely located computer system; and
caching a copy of the personal information in the local non-transitory computer readable medium.
Abstract
A personal information server provides personal information about an individual to a third-party only when authorized by the individual through use of a previously authenticated computing device. The personal information server authenticates both the computing device used by the third-party to access the personal data and the device used by the individual to grant or deny such access using highly secure digital fingerprints of each. The individual can allow the third-party multiple instances of access to the personal information within restrictions specified by the individual. Other advantages also arise from large-scale tracking of which devices access and control personal information of many people—particularly with respect to identifying and preventing fraud and identity theft.
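The three-part release condition and the cache step recited in claim 1 can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the class and method names, the limit value of 2, the string fingerprints, and the choice to count every authorization message toward a device's total are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class PersonalInfoServer:
    authorized: dict              # individual -> set of enrolled device fingerprints
    remote: dict                  # stands in for the remotely located system
    limit: int = 2                # predetermined limit (value assumed)
    cache: dict = field(default_factory=dict)
    seen: dict = field(default_factory=dict)   # fingerprint -> individuals
    remote_reads: int = 0

    def decide(self, individual, grant, auth_fp):
        # Assumption: every authorization message counts toward the
        # device's total, whether or not it ends up being honoured.
        people = self.seen.setdefault(auth_fp, set())
        people.add(individual)
        if not grant:                                           # condition (i)
            return "denied: not granted"
        if auth_fp not in self.authorized.get(individual, ()):  # condition (ii)
            return "denied: device not authorized"
        if len(people) > self.limit:                            # condition (iii)
            return "denied: device over limit"
        return "granted"

    def fetch(self, individual):
        # Cache-aside: contact the remote system only on a local miss.
        if individual not in self.cache:
            self.remote_reads += 1
            self.cache[individual] = self.remote[individual]
        return self.cache[individual]

    def handle(self, individual, grant, auth_fp):
        verdict = self.decide(individual, grant, auth_fp)
        return verdict, (self.fetch(individual) if verdict == "granted" else None)

def demo():
    # Constructed sample data; fingerprints are opaque strings here.
    srv = PersonalInfoServer(
        authorized={"alice": {"fp-A"}, "bob": {"fp-K"},
                    "carol": {"fp-K"}, "dave": {"fp-K"}},
        remote={n: {"name": n} for n in ("alice", "bob", "carol", "dave")})
    out = [srv.handle("alice", True, "fp-A"),
           srv.handle("alice", True, "fp-A"),    # second read served from cache
           srv.handle("alice", False, "fp-A"),   # individual refuses
           srv.handle("bob", True, "fp-X"),      # device never enrolled for bob
           srv.handle("bob", True, "fp-K"),
           srv.handle("carol", True, "fp-K"),
           srv.handle("dave", True, "fp-K")]     # third individual on fp-K
    return [v for v, _ in out], srv.remote_reads
```

The last request is refused even though the device is enrolled for that individual, which is the fraud signal the abstract attributes to tracking devices across many people.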
5 Claims
4. A computer system comprising:
at least one processor;
a non-transitory computer readable medium that is operatively coupled to the processor;
network access circuitry that is operatively coupled to the processor; and
personal information server logic (i) that executes in the processor from the non-transitory computer readable medium and (ii) that, when executed by the processor, causes the computer to control access to personal information about an individual by at least:
receiving, from a third-party device through a computer network, a request for the personal information about the individual that includes a digital fingerprint of the third-party device;
sending a notification of the request for the personal information of the individual to the individual;
receiving authorization data that indicates whether the individual intends to grant the request for the personal information of the individual and a digital fingerprint of an authorizing device from which the authorization data is sent;
determining, based on the digital fingerprint, a total number of individuals for whom authorization data was sent from the authorizing device;
comparing the total number of individuals to a predetermined limit; and
upon a condition in which both (i) the authorization data indicates that the individual intends to grant the request for the personal information of the individual;
(ii) the digital fingerprint of the authorization data matches a digital fingerprint of at least one predetermined authorized device; and
(iii) the total number of individuals is no more than the predetermined limit, sending the personal information to the third-party device;
wherein sending the personal information to the third-party device comprises:
determining whether a copy of the personal information is cached in a local non-transitory computer readable medium; and
upon a condition in which no copy of the personal information is cached in the local non-transitory computer readable medium;
retrieving the personal information from a remotely located computer system; and
caching a copy of the personal information in the local non-transitory computer readable medium.
Specification